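<?php
// Resume the session so the login gate further down can read $_SESSION['username'].
session_start();
// Database settings used by the password handler ($host, $user, $pass, $cmsdb).
// require (not include) stops the request when the file is missing, instead of
// carrying on to the database code with undefined connection settings.
require("../inc/config.php");
?>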
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Azeroth-Gaming - ACP</title>

<!-- CSS -->
<link href="style/css/transdmin.css" rel="stylesheet" type="text/css" media="screen" />
<!--[if IE 6]><link rel="stylesheet" type="text/css" media="screen" href="style/css/ie6.css" /><![endif]-->
<!--[if IE 7]><link rel="stylesheet" type="text/css" media="screen" href="style/css/ie7.css" /><![endif]-->

<!-- JavaScripts-->
<script type="text/javascript" src="style/js/jquery.js"></script>
<script type="text/javascript" src="style/js/jNice.js"></script>
</head>

<body>
<?php
// Login gate: everything below this point is rendered only for a session that
// carries a username. Only the presence of the key is tested here; no role or
// privilege check is visible on this page.
if (isset($_SESSION['username']) === false) {
	// Page markup has already been emitted above, so the visitor is sent to the
	// login page with a client-side refresh and the script stops here.
	print "<META http-equiv='refresh' content='1; URL=log.php'>";
	exit;
} else {
?>
	<div id="wrapper">
    	<!-- h1 tag stays for the logo, you can use the a tag for linking the index page -->
    	<h1><a href="#"><span>Transdmin Light</span></a></h1>
        
        <!-- You can write the link names in lowercase; CSS will transform them to uppercase. We preferred to write them in uppercase so they look the same when the stylesheet is disabled. -->
        <ul id="mainNav">
        	<li><a href="index.php">Main</a></li> <!-- Use the "active" class for the active menu item  -->
        	<li><a href="profile.php" class="active">Admin Panel</a></li>
        	<li class="logout"><a href="logout.php">LOGOUT</a></li>
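			<li class="logout"><a href="#"><?php
				// The session username is HTML-escaped before it is written into the page,
				// so markup characters in an account name are shown as text, not interpreted.
				print("Welcome <font color='#FFC100'>".htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8')."</font>");
			?></a></li>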
        </ul>
        <!-- // #end mainNav -->
        
        <div id="containerHolder">
			<div id="container">
        		<div id="sidebar">
                	<ul class="sideNav">
                    	<li><a href="#" class="active">Password</a></li>
                    </ul>
                    <!-- // .sideNav -->
                </div>    
                <!-- // #sidebar -->
                
                <!-- h2 stays for breadcrumbs -->
                <h2><a href="#">Admin Panel</a> &raquo; <a href="#" class="active">Password</a></h2>
                
                <div id="main">
					<h3>Change Pass</h3>
					<form name='submit' method='post' class='jNice'>
					<fieldset>
					<p><label>Account Name:</label></p>
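					<p><label><?php
						// Account name shown above the password fields; HTML-escaped because it is
						// account data being placed into markup.
						print("<font color='#FFC100'>".htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8')."</font>");
					?></label></p>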
					<p><label>Old Password:</label><input type="password" name="passwordOld" class="text-long" /></p>
                    <p><label>New Password:</label><input type="password" name="passwordNew" class="text-medium" /></p>
                    <p><label>Re-Enter Password:</label><input type="password" name="passwordNew1" class="text-medium" /></p>
					<input type="submit" name="submit" value="Submit" />
					
					
					
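					<?php
					/*
					 * Password-change handler for the logged-in account; runs only when the
					 * form above was posted.
					 *
					 * Reads:  $_SESSION['username'], $_POST['passwordOld'|'passwordNew'|'passwordNew1'],
					 *         and $host, $user, $pass, $cmsdb from the included config file.
					 * Writes: account.sha_pass_hash for the session's username.
					 *
					 * Changes against the previous version of this handler:
					 *  - both statements are prepared statements; the username used to be
					 *    concatenated into the SQL text with its escaping call commented out;
					 *  - database errors go to the server log, the visitor gets a generic message;
					 *  - the two new-password fields are compared strictly (a loose comparison of
					 *    two hex digests can treat different digests of the form 0E<digits> as equal);
					 *  - an empty new password is rejected;
					 *  - the username is HTML-escaped in the success message;
					 *  - failures no longer die() mid-page, so the rest of the document is still sent.
					 *
					 * The stored format SHA1(UPPER(user) ":" UPPER(pass)), upper-cased, is kept
					 * exactly as before because existing rows use it.
					 * NOTE(review): a single fast SHA-1 over a case-folded password is weak against
					 * offline guessing if the table leaks; changing it means changing whatever else
					 * reads account.sha_pass_hash - confirm what depends on that column.
					 */
					if (isset($_POST['submit']))
					{
						$account = $_SESSION['username'];

						// Accept only plain strings; a missing or array-valued field is treated as empty.
						$oldInput    = (isset($_POST['passwordOld'])  && is_string($_POST['passwordOld']))  ? $_POST['passwordOld']  : '';
						$newInput    = (isset($_POST['passwordNew'])  && is_string($_POST['passwordNew']))  ? $_POST['passwordNew']  : '';
						$repeatInput = (isset($_POST['passwordNew1']) && is_string($_POST['passwordNew1'])) ? $_POST['passwordNew1'] : '';

						$genericError = "Password could not be changed, please try again later.";
						$error = null;
						$con = null;

						// Cheap input checks come first so a bad form never reaches the database.
						// Passwords are case-folded by the hash format, so the comparison is too.
						if ($newInput === '')
						{
							$error = "New password must not be empty!";
						}
						elseif (strtoupper($newInput) !== strtoupper($repeatInput))
						{
							$error = "New password fields must match!";
						}

						$oldHash = strtoupper(sha1(strtoupper($account) . ":" . strtoupper($oldInput)));
						$newHash = strtoupper(sha1(strtoupper($account) . ":" . strtoupper($newInput)));

						if ($error === null)
						{
							// Report failures through return values on every PHP version, so the
							// checks below decide what the visitor sees.
							mysqli_report(MYSQLI_REPORT_OFF);
							$con = mysqli_connect($host, $user, $pass, $cmsdb);
							if (!$con)
							{
								error_log("ACP password change: database connection failed: " . mysqli_connect_error());
								$error = $genericError;
							}
						}

						// Step 1: the old password must match the stored hash for this account.
						if ($error === null)
						{
							$stmt = mysqli_prepare($con, "SELECT id FROM account WHERE username = ? AND sha_pass_hash = ?");
							if ($stmt
								&& mysqli_stmt_bind_param($stmt, 'ss', $account, $oldHash)
								&& mysqli_stmt_execute($stmt)
								&& mysqli_stmt_store_result($stmt))
							{
								if (mysqli_stmt_num_rows($stmt) == 0)
								{
									$error = "Invalid account name/password!";
								}
							}
							else
							{
								error_log("ACP password change: lookup failed: " . mysqli_error($con));
								$error = $genericError;
							}
							if ($stmt)
							{
								mysqli_stmt_close($stmt);
							}
						}

						// Step 2: store the new hash for the same account.
						if ($error === null)
						{
							$stmt = mysqli_prepare($con, "UPDATE account SET sha_pass_hash = ? WHERE username = ?");
							if (!($stmt
								&& mysqli_stmt_bind_param($stmt, 'ss', $newHash, $account)
								&& mysqli_stmt_execute($stmt)))
							{
								error_log("ACP password change: update failed: " . mysqli_error($con));
								$error = $genericError;
							}
							if ($stmt)
							{
								mysqli_stmt_close($stmt);
							}
						}

						if ($con)
						{
							mysqli_close($con);
						}

						echo "<tr><td align=center>";
						if ($error === null)
						{
							echo "<center>";
							echo "<br />";
							echo "<br />";
							echo "<font color='#01B2F1'>Password for the Account '<b>".htmlspecialchars($account, ENT_QUOTES, 'UTF-8')."</b>' has been successfully changed!</font><br />";
							echo "</center>";
						}
						else
						{
							// $error only ever holds one of the fixed strings assigned above.
							echo "<center><font color='#01B2F1'>".$error."</font></center>";
						}
						echo "</td></tr>";
					}
					?>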
					</fieldset>
					</form>
                    
                </div>
                <!-- // #main -->
                
                <div class="clear"></div>
            </div>
            <!-- // #container -->
        </div>	
        <!-- // #containerHolder -->
        
        <p id="footer">Azeroth-Gaming ACP<br />Coded By <a href="http://www.perspectived.com">Ac0</a></p>
    </div>
    <!-- // #wrapper -->
	<?php } ?>
</body>
</html>
